'use strict'

const fs = require('graceful-fs')
const os = require('os')
const tar = require('tar')
const path = require('path')
const crypto = require('crypto')
const log = require('npmlog')
const semver = require('semver')
const request = require('request')
const processRelease = require('./process-release')
const win = process.platform === 'win32'
const getProxyFromURI = require('./proxy')

function install (fs, gyp, argv, callback) {
  var release = processRelease(argv, gyp, process.version, process.release)

  // ensure no double-callbacks happen
  function cb (err) {
    if (cb.done) {
      return
    }
    cb.done = true
    if (err) {
      log.warn('install', 'got an error, rolling back install')
      // roll-back the install if anything went wrong
      gyp.commands.remove([release.versionDir], function () {
        callback(err)
      })
    } else {
      callback(null, release.version)
    }
  }

  // Determine which node dev files version we are installing
  log.verbose('install', 'input version string %j', release.version)

  if (!release.semver) {
    // could not parse the version string with semver
    return callback(new Error('Invalid version number: ' + release.version))
  }

  if (semver.lt(release.version, '0.8.0')) {
    return callback(new Error('Minimum target version is `0.8.0` or greater. Got: ' + release.version))
  }

  // 0.x.y-pre versions are not published yet and cannot be installed. Bail.
  if (release.semver.prerelease[0] === 'pre') {
    log.verbose('detected "pre" node version', release.version)
    if (gyp.opts.nodedir) {
      log.verbose('--nodedir flag was passed; skipping install', gyp.opts.nodedir)
      callback()
    } else {
      callback(new Error('"pre" versions of node cannot be installed, use the --nodedir flag instead'))
    }
    return
  }

  // flatten version into String
  log.verbose('install', 'installing version: %s', release.versionDir)

  // the directory where the dev files will be installed
  var devDir = path.resolve(gyp.devDir, release.versionDir)

  // If '--ensure' was passed, then don't *always* install the version;
  // check if it is already installed, and only install when needed
  if (gyp.opts.ensure) {
    log.verbose('install', '--ensure was passed, so won\'t reinstall if already installed')
    fs.stat(devDir, function (err) {
      if (err) {
        if (err.code === 'ENOENT') {
          log.verbose('install', 'version not already installed, continuing with install', release.version)
          go()
        } else if (err.code === 'EACCES') {
          eaccesFallback(err)
        } else {
          cb(err)
        }
        return
      }
      log.verbose('install', 'version is already installed, need to check "installVersion"')
      var installVersionFile = path.resolve(devDir, 'installVersion')
      fs.readFile(installVersionFile, 'ascii', function (err, ver) {
        if (err && err.code !== 'ENOENT') {
          return cb(err)
        }
        var installVersion = parseInt(ver, 10) || 0
        log.verbose('got "installVersion"', installVersion)
        log.verbose('needs "installVersion"', gyp.package.installVersion)
        if (installVersion < gyp.package.installVersion) {
          log.verbose('install', 'version is no good; reinstalling')
          go()
        } else {
          log.verbose('install', 'version is good')
          cb()
        }
      })
    })
  } else {
    go()
  }

  function getContentSha (res, callback) {
    var shasum = crypto.createHash('sha256')
    res.on('data', function (chunk) {
      shasum.update(chunk)
    }).on('end', function () {
      callback(null, shasum.digest('hex'))
    })
  }

  function go () {
    log.verbose('ensuring nodedir is created', devDir)

    // first create the dir for the node dev files
    fs.mkdir(devDir, { recursive: true }, function (err, created) {
      if (err) {
        if (err.code === 'EACCES') {
          eaccesFallback(err)
        } else {
          cb(err)
        }
        return
      }

      if (created) {
        log.verbose('created nodedir', created)
      }

      // now download the node tarball
      var tarPath = gyp.opts.tarball
      var badDownload = false
      var extractCount = 0
      var contentShasums = {}
      var expectShasums = {}

      // checks if a file to be extracted from the tarball is valid.
      // only .h header files and the gyp files get extracted
      function isValid (path) {
        var isValid = valid(path)
        if (isValid) {
          log.verbose('extracted file from tarball', path)
          extractCount++
        } else {
          // invalid
          log.silly('ignoring from tarball', path)
        }
        return isValid
      }

      // download the tarball and extract!
      if (tarPath) {
        return tar.extract({
          file: tarPath,
          strip: 1,
          filter: isValid,
          cwd: devDir
        }).then(afterTarball, cb)
      }

      try {
        var req = download(gyp, process.env, release.tarballUrl)
      } catch (e) {
        return cb(e)
      }

      // something went wrong downloading the tarball?
      req.on('error', function (err) {
        if (err.code === 'ENOTFOUND') {
          return cb(new Error('This is most likely not a problem with node-gyp or the package itself and\n' +
            'is related to network connectivity. In most cases you are behind a proxy or have bad \n' +
            'network settings.'))
        }
        badDownload = true
        cb(err)
      })

      req.on('close', function () {
        if (extractCount === 0) {
          cb(new Error('Connection closed while downloading tarball file'))
        }
      })

      req.on('response', function (res) {
        if (res.statusCode !== 200) {
          badDownload = true
          cb(new Error(res.statusCode + ' response downloading ' + release.tarballUrl))
          return
        }
        // content checksum
        getContentSha(res, function (_, checksum) {
          var filename = path.basename(release.tarballUrl).trim()
          contentShasums[filename] = checksum
          log.verbose('content checksum', filename, checksum)
        })

        // start unzipping and untaring
        res.pipe(tar.extract({
          strip: 1,
          cwd: devDir,
          filter: isValid
        }).on('close', afterTarball).on('error', cb))
      })

      // invoked after the tarball has finished being extracted
      function afterTarball () {
        if (badDownload) {
          return
        }
        if (extractCount === 0) {
          return cb(new Error('There was a fatal problem while downloading/extracting the tarball'))
        }
        log.verbose('tarball', 'done parsing tarball')
        var async = 0

        if (win) {
          // need to download node.lib
          async++
          downloadNodeLib(deref)
        }

        // write the "installVersion" file
        async++
        var installVersionPath = path.resolve(devDir, 'installVersion')
        fs.writeFile(installVersionPath, gyp.package.installVersion + '\n', deref)

        // Only download SHASUMS.txt if we downloaded something in need of SHA verification
        if (!tarPath || win) {
          // download SHASUMS.txt
          async++
          downloadShasums(deref)
        }

        if (async === 0) {
          // no async tasks required
          cb()
        }

        function deref (err) {
          if (err) {
            return cb(err)
          }

          async--
          if (!async) {
            log.verbose('download contents checksum', JSON.stringify(contentShasums))
            // check content shasums
            for (var k in contentShasums) {
              log.verbose('validating download checksum for ' + k, '(%s == %s)', contentShasums[k], expectShasums[k])
              if (contentShasums[k] !== expectShasums[k]) {
                cb(new Error(k + ' local checksum ' + contentShasums[k] + ' not match remote ' + expectShasums[k]))
                return
              }
            }
            cb()
          }
        }
      }

      function downloadShasums (done) {
        log.verbose('check download content checksum, need to download `SHASUMS256.txt`...')
        log.verbose('checksum url', release.shasumsUrl)
        try {
          var req = download(gyp, process.env, release.shasumsUrl)
        } catch (e) {
          return cb(e)
        }

        req.on('error', done)
        req.on('response', function (res) {
          if (res.statusCode !== 200) {
            done(new Error(res.statusCode + ' status code downloading checksum'))
            return
          }

          var chunks = []
          res.on('data', function (chunk) {
            chunks.push(chunk)
          })
          res.on('end', function () {
            var lines = Buffer.concat(chunks).toString().trim().split('\n')
            lines.forEach(function (line) {
              var items = line.trim().split(/\s+/)
              if (items.length !== 2) {
                return
              }

              // 0035d18e2dcf9aad669b1c7c07319e17abfe3762  ./node-v0.11.4.tar.gz
              var name = items[1].replace(/^\.\//, '')
              expectShasums[name] = items[0]
            })

            log.verbose('checksum data', JSON.stringify(expectShasums))
            done()
          })
        })
      }

      function downloadNodeLib (done) {
        log.verbose('on Windows; need to download `' + release.name + '.lib`...')
        var archs = ['ia32', 'x64', 'arm64']
        var async = archs.length
        archs.forEach(function (arch) {
          var dir = path.resolve(devDir, arch)
          var targetLibPath = path.resolve(dir, release.name + '.lib')
          var libUrl = release[arch].libUrl
          var libPath = release[arch].libPath
          var name = arch + ' ' + release.name + '.lib'
          log.verbose(name, 'dir', dir)
          log.verbose(name, 'url', libUrl)

          fs.mkdir(dir, { recursive: true }, function (err) {
            if (err) {
              return done(err)
            }
            log.verbose('streaming', name, 'to:', targetLibPath)

            try {
              var req = download(gyp, process.env, libUrl, cb)
            } catch (e) {
              return cb(e)
            }

            req.on('error', done)
            req.on('response', function (res) {
              if (res.statusCode === 403 || res.statusCode === 404) {
                if (arch === 'arm64') {
                  // Arm64 is a newer platform on Windows and not all node distributions provide it.
                  log.verbose(`${name} was not found in ${libUrl}`)
                } else {
                  log.warn(`${name} was not found in ${libUrl}`)
                }
                return
              } else if (res.statusCode !== 200) {
                done(new Error(res.statusCode + ' status code downloading ' + name))
                return
              }

              getContentSha(res, function (_, checksum) {
                contentShasums[libPath] = checksum
                log.verbose('content checksum', libPath, checksum)
              })

              var ws = fs.createWriteStream(targetLibPath)
              ws.on('error', cb)
              req.pipe(ws)
            })
            req.on('end', function () { --async || done() })
          })
        })
      } // downloadNodeLib()
    }) // mkdir()
  } // go()

  /**
   * Checks if a given filename is "valid" for this installation.
   */

  function valid (file) {
    // header files
    var extname = path.extname(file)
    return extname === '.h' || extname === '.gypi'
  }

  /**
   * The EACCES fallback is a workaround for npm's `sudo` behavior, where
   * it drops the permissions before invoking any child processes (like
   * node-gyp). So what happens is the "nobody" user doesn't have
   * permission to create the dev dir. As a fallback, make the tmpdir() be
   * the dev dir for this installation. This is not ideal, but at least
   * the compilation will succeed...
   */

  function eaccesFallback (err) {
    var noretry = '--node_gyp_internal_noretry'
    if (argv.indexOf(noretry) !== -1) {
      return cb(err)
    }
    var tmpdir = os.tmpdir()
    gyp.devDir = path.resolve(tmpdir, '.node-gyp')
    var userString = ''
    try {
      // os.userInfo can fail on some systems, it's not critical here
      userString = ` ("${os.userInfo().username}")`
    } catch (e) {}
    log.warn('EACCES', 'current user%s does not have permission to access the dev dir "%s"', userString, devDir)
    log.warn('EACCES', 'attempting to reinstall using temporary dev dir "%s"', gyp.devDir)
    if (process.cwd() === tmpdir) {
      log.verbose('tmpdir == cwd', 'automatically will remove dev files after to save disk space')
      gyp.todo.push({ name: 'remove', args: argv })
    }
    gyp.commands.install([noretry].concat(argv), cb)
  }
}

function download (gyp, env, url) {
  log.http('GET', url)

  var requestOpts = {
    uri: url,
    headers: {
      'User-Agent': 'node-gyp v' + gyp.version + ' (node ' + process.version + ')',
      Connection: 'keep-alive'
    }
  }

  var cafile = gyp.opts.cafile
  if (cafile) {
    requestOpts.ca = readCAFile(cafile)
  }

  // basic support for a proxy server
  var proxyUrl = getProxyFromURI(gyp, env, url)
  if (proxyUrl) {
    if (/^https?:\/\//i.test(proxyUrl)) {
      log.verbose('download', 'using proxy url: "%s"', proxyUrl)
      requestOpts.proxy = proxyUrl
    } else {
      log.warn('download', 'ignoring invalid "proxy" config setting: "%s"', proxyUrl)
    }
  }

  var req = request(requestOpts)
  req.on('response', function (res) {
    log.http(res.statusCode, url)
  })

  return req
}

function readCAFile (filename) {
  // The CA file can contain multiple certificates so split on certificate
  // boundaries.  [\S\s]*? is used to match everything including newlines.
  var ca = fs.readFileSync(filename, 'utf8')
  var re = /(-----BEGIN CERTIFICATE-----[\S\s]*?-----END CERTIFICATE-----)/g
  return ca.match(re)
}

module.exports = function (gyp, argv, callback) {
  return install(fs, gyp, argv, callback)
}
module.exports.test = {
  download: download,
  install: install,
  readCAFile: readCAFile
}
module.exports.usage = 'Install node development files for the specified node version.'
